bcollet/socat
1
0
Fork 0
mirror of https://repo.or.cz/socat.git synced 2025-06-07 10:36:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Further improved readline.sh STDERR handling

Browse source
This commit is contained in:
Gerhard Rieger 2025-01-24 15:54:27 +01:00
parent 4ee1f31cf8
commit 69c9eb550c
3 changed files with 25 additions and 8 deletions

6
CHANGES
View file

@ -1,4 +1,9 @@
 
Security:
readline.sh has new option -lf <logfile> for stderr. If this option is
not given it logs to a file in . (cwd) only when it is not writable by
other users.
####################### V 1.8.0.2: ####################### V 1.8.0.2:
Security: Security:
@ -1410,6 +1415,7 @@ security:
Socat security advisory 7 Socat security advisory 7
MSVR-1499 MSVR-1499
CVE-2016-2217
In the OpenSSL address implementation the hard coded 1024 bit DH p In the OpenSSL address implementation the hard coded 1024 bit DH p
parameter was not prime. The effective cryptographic strength of a key parameter was not prime. The effective cryptographic strength of a key
exchange using these parameters was weaker than the one one could get by exchange using these parameters was weaker than the one one could get by

22
readline.sh
View file

@ -4,15 +4,19 @@
# Published under the GNU General Public License V.2, see file COPYING # Published under the GNU General Public License V.2, see file COPYING
# this is an attempt for a socat based readline wrapper # this is an attempt for a socat based readline wrapper
# usage: readline.sh <command> # usage: readline.sh [options] <program>
withhistfile=1 withhistfile=1
STDERR=
while true; do while true; do
case "X$1" in case "X$1" in
X-nh|X-nohist*) withhistfile=; shift; continue ;; X-lf?*) STDERR="${1:3}" ;;
*) break;; X-lf) shift; STDERR="$1" ;;
X-nh|X-nohist*) withhistfile= ;;
*) break;;
esac esac
shift
done done
PROGRAM="$@" PROGRAM="$@"
@ -25,12 +29,18 @@ fi
# #
# #
if test -w .; then #if test -w .; then
if [ -z "$STDERR" ] && find . -maxdepth 0 -user $USER ! -perm /022 -print |grep ^ >/dev/null; then
# When cwd is owned by $USER and it is neither group nor world writable
STDERR=./socat-readline.${1##*/}.log STDERR=./socat-readline.${1##*/}.log
rm -f $STDERR rm -f $STDERR
else echo "$0: logs go to $STDERR" >&2
elif [ -z "$STDERR" ]; then
echo "$0: insecure working directory, no logs are written" >&2
STDERR=/dev/null STDERR=/dev/null
else
echo "$0: logs go to $STDERR" >&2
fi fi
exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR exec socat -d READLINE"$HISTOPT",noecho='[Pp]assword:' EXEC:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR

5
test.sh
View file

@ -4925,8 +4925,9 @@ te="$td/test$N.stderr"
tr="$td/test$N.ref" tr="$td/test$N.ref"
tdiff="$td/test$N.diff" tdiff="$td/test$N.diff"
da="test$N $(date) $RANDOM"; da="$da$($ECHO '\r')" da="test$N $(date) $RANDOM"; da="$da$($ECHO '\r')"
# the feature that we really want to test is in the readline.sh script: # the feature that we really want to test is in the readline.sh script
CMD="$TRACE $SOCAT -lpwrapper $opts -t1 open:$tpi,nonblock!!open:$tpo exec:\"./readline.sh -nh ./readline-test.sh\",pty,ctty,setsid,raw,echo=0,isig" READLINE_LOG=; if grep -e -lf ./readline.sh >/dev/null; then READLINE_LOG="-lf $td/test$N.rl-log"; fi
CMD="$TRACE $SOCAT -lpwrapper $opts -t1 open:$tpi,nonblock!!open:$tpo exec:\"./readline.sh -nh $READLINE_LOG ./readline-test.sh\",pty,ctty,setsid,raw,echo=0,isig"
#echo "$CMD" >"$ts" #echo "$CMD" >"$ts"
#chmod a+x "$ts" #chmod a+x "$ts"
printf "test $F_n $TEST... " $N printf "test $F_n $TEST... " $N